How to Customize your Form Login

Using a form login for authentication
is a common, and flexible, method for handling authentication in Symfony.
Pretty much every aspect of the form login can be customized. The full, default
configuration is shown in the next section.

You can change where the login form redirects after a successful login using
the various config options. By default the form will redirect to the URL the
user requested (i.e. the URL which triggered the login form being shown).
For example, if the user requested http://www.example.com/admin/post/18/edit,
then after they successfully log in, they will eventually be sent back to
http://www.example.com/admin/post/18/edit.
This is done by storing the requested URL in the session.
If no URL is present in the session (perhaps the user went
directly to the login page), then the user is redirected to the default page,
which is / (i.e. the homepage) by default. You can change this behavior
in several ways.

Note

As mentioned, by default the user is redirected back to the page originally
requested. Sometimes, this can cause problems, like if a background Ajax
request "appears" to be the last visited URL, causing the user to be
redirected there. For information on controlling this behavior, see
How to Change the default Target Path Behavior.

In case no previous URL was stored in the session, you may wish to try using
the HTTP_REFERER instead, as this will often be the same. You can do
this by setting use_referer to true (it defaults to false):

You can also override where the user is redirected to via the form itself by
including a hidden field with the name _target_path. For example, to
redirect to the URL defined by some account route, use the following:

Now, the user will be redirected to the value of the hidden form field. The
value attribute can be a relative path, absolute URL, or a route name. You
can even change the name of the hidden form field by changing the target_path_parameter
option to another value.

In addition to redirecting the user after a successful login, you can also set
the URL that the user should be redirected to after a failed login (e.g. an
invalid username or password was submitted). By default, the user is redirected
back to the login form itself. You can set this to a different route (e.g.
login_failure) with the following config: